From dc01ec286198751c1395afc0cda0836eb98b563d Mon Sep 17 00:00:00 2001
From: Fedor Katurov <gotham48@gmail.com>
Date: Wed, 6 Mar 2024 18:14:59 +0700
Subject: [PATCH] wrote article on cert renewal

---
 .../Linux/Certbot well-known auto renew.md    | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 content/Linux/Certbot well-known auto renew.md

diff --git a/content/Linux/Certbot well-known auto renew.md b/content/Linux/Certbot well-known auto renew.md
new file mode 100644
index 0000000..0a12e49
--- /dev/null
+++ b/content/Linux/Certbot well-known auto renew.md	
@@ -0,0 +1,31 @@
+This is translation of article from [clsv.ru](https://clsv.ru/linux/lets_encrypt_eto_legko_i_prosto_60), which explains how to automate certbot's well-known, also known as HTTP challenge for wildcard certs renewal.
+
+You'll need 4 scripts:
+
+1. Authentication script, which will write authentication file:
+```shell
+#!/bin/bash
+echo $CERTBOT_VALIDATION > /var/www/html/.well-known/$CERTBOT_TOKEN
+```
+2. Cleanup script, that will delete that 
+```shell
+#!/bin/bash
+rm -f /var/www/html/.well-known/$CERTBOT_TOKEN
+```
+3. Initial cert acquiring script:
+```shell
+certbot certonly \
+  --preferred-challenges=http --manual \
+  --manual-auth-hook /path/to/auth.sh \
+  --manual-cleanup-hook /oath/to/clean.sh 
+  -d "vault48.org,*.vault48.org" \
+  --manual-public-ip-logging-ok
+```
+1. Renewal script itself to put it in crontab
+```shell
+certbot renew --manual-public-ip-logging-ok \
+  --manual-auth-hook /path/to/auth.sh \
+  --manual-cleanup-hook /path/to/clean.sh
+```
+
+Don't forget to configure your http server to serve `.well-known`.
\ No newline at end of file
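Review bot: In the initial cert acquiring script (step 3), the line `--manual-cleanup-hook /oath/to/clean.sh` has no trailing backslash, so the shell ends the certbot command there and runs `-d "vault48.org,*.vault48.org" \` as a separate command; the path also reads `/oath/` where the other hooks use `/path/`. Add the ` \` continuation and correct the path. Two further points in the same hunk: the auth and cleanup scripts use `/var/www/html/.well-known/$CERTBOT_TOKEN`, while the HTTP-01 challenge is fetched from `/.well-known/acme-challenge/<token>`, so the file belongs in an `acme-challenge` subdirectory, and the variables should be quoted; and the intro and the `-d` value promise wildcard renewal over the HTTP challenge, but Let's Encrypt validates wildcard names only through DNS-01, so `*.vault48.org` cannot pass with `--preferred-challenges=http`. Minor: step 4 is numbered `1.`, the step 2 sentence stops at "will delete that", and the file has no trailing newline.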